CVE-2011-0480: Buffer Overflow
First published: Fri Jan 14 2011(Updated: )
Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted WebM file, related to buffers for (1) the channel floor and (2) the channel residue.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Chrome OS | <8.0.552.344 | |
| Google Chrome | <8.0.552.237 | |
| Debian Linux | =6.0 | |
| Ubuntu | =8.04 | |
| Ubuntu | =9.10 | |
| Ubuntu | =10.04 | |
| Ubuntu | =10.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://article.gmane.org/gmane.comp.video.ffmpeg.devel/122703
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610550
- http://code.google.com/p/chromium/issues/detail?id=68115
- http://codereview.chromium.org/5964011
- http://codereview.chromium.org/6069005
- http://ffmpeg.mplayerhq.hu/
- http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=13184036a6b1b1d4b61c91118c0896e9ad4634c3
- http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html
- http://osvdb.org/70463
- http://roundup.ffmpeg.org/issue2548
- http://roundup.ffmpeg.org/issue2550
- http://secunia.com/advisories/42951
- http://src.chromium.org/viewvc/chrome?view=rev&revision=70200
- http://www.debian.org/security/2011/dsa-2306
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:061
- http://www.securityfocus.com/bid/45788
- http://www.srware.net/forum/viewtopic.php?f=18&t=2054
- http://www.ubuntu.com/usn/usn-1104-1/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64671
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14380
- http://git.ffmpeg.org/?p=ffmpeg.git;a=commit;h=13184036a6b1b1d4b61c91118c0896e9ad4634c3
Frequently Asked Questions
What is the severity of CVE-2011-0480?
CVE-2011-0480 has a severity rating that indicates it can lead to denial of service and potential memory corruption.
How do I fix CVE-2011-0480?
To fix CVE-2011-0480, update to the latest version of Google Chrome or Google Chrome OS that is beyond the specified vulnerable versions.
Which versions are affected by CVE-2011-0480?
CVE-2011-0480 affects Google Chrome versions before 8.0.552.237 and Google Chrome OS versions before 8.0.552.344, among others.
What type of vulnerability is CVE-2011-0480?
CVE-2011-0480 is classified as a buffer overflow vulnerability in the Vorbis decoder within FFmpeg.
Can CVE-2011-0480 be exploited remotely?
Yes, CVE-2011-0480 can be exploited by remote attackers to cause application crashes or other unspecified impacts.
- agent/type
- agent/remedy
- agent/severity
- agent/weakness
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/author
- collector/nvd-api
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- collector/nvd-index
- vendor/google
- canonical/chrome os
- canonical/google chrome
- vendor/debian
- canonical/debian linux
- version/debian linux/6.0
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/8.04
- version/ubuntu/9.10
- version/ubuntu/10.04
- version/ubuntu/10.10